Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Aiax3htV0Q0RsY4FZNRbytljH9M.roa
File: Aiax3htV0Q0RsY4FZNRbytljH9M.roa (raw, json)
Hash identifier: HL24BTYdqpnfNjbAi4puHU9mskzdrU662LMop+p9IT0=
Subject key identifier: 02:26:B1:DE:1B:55:D1:0D:11:B1:8E:05:64:D4:5B:CA:D9:63:1F:D3
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0189CEDB31A497C340C27DA0C79E9EF43FCC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Aiax3htV0Q0RsY4FZNRbytljH9M.roa
Signing time: Mon 07 Aug 2023 07:16:58 +0000
ROA not before: Mon 07 Aug 2023 07:16:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 81.168.41.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.140.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
109.176.240.0/24 maxlen: 24
109.176.242.0/24 maxlen: 24
109.176.243.0/24 maxlen: 24
109.176.241.0/24 maxlen: 24
109.176.250.0/24 maxlen: 24
109.176.247.0/24 maxlen: 24
82.153.227.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
185.49.126.0/23 maxlen: 24
82.153.249.0/24 maxlen: 24
81.5.156.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
89.213.41.0/24 maxlen: 24
89.213.44.0/24 maxlen: 24
89.213.173.0/24 maxlen: 24
89.213.176.0/24 maxlen: 24
89.213.180.0/24 maxlen: 24
89.213.182.0/24 maxlen: 24
89.213.186.0/24 maxlen: 24
89.213.184.0/24 maxlen: 24
89.213.185.0/24 maxlen: 24
89.213.187.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.213.0/24 maxlen: 24
109.176.210.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.140.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.150.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
89.213.160.0/24 maxlen: 24
89.213.163.0/24 maxlen: 24
89.213.168.0/24 maxlen: 24
81.168.116.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ce:db:31:a4:97:c3:40:c2:7d:a0:c7:9e:9e:f4:3f:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 7 07:16:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0226b1de1b55d10d11b18e0564d45bcad9631fd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:72:c2:68:69:79:ee:08:c2:e7:44:69:6a:84:
3e:a3:99:a2:e5:82:e1:95:99:30:15:7a:bb:60:8e:
c6:2a:1a:a3:fe:9a:19:5c:5c:c5:0f:1e:cf:c9:00:
0f:2e:c6:73:e8:58:e8:97:05:c5:ff:73:89:d8:fd:
b6:b5:e0:90:a9:6a:99:76:bf:b8:23:19:16:2e:fa:
81:7c:fc:27:7d:33:83:53:1b:43:6f:79:6a:4e:02:
fa:93:00:82:b9:da:45:e8:81:8c:f8:91:ce:93:c4:
c6:83:5f:70:8f:73:5e:fe:21:34:9e:c7:04:e3:4d:
7a:4e:e9:bb:e1:42:f4:6e:54:3b:da:85:37:0f:85:
c2:4e:5d:86:53:8b:ac:fe:fd:81:3d:12:af:45:f9:
91:2c:72:9f:83:0b:29:80:dc:9d:ff:df:ef:98:ce:
13:b7:36:f7:42:d7:40:e3:28:c8:a8:85:7c:e8:74:
02:fe:ef:eb:ee:e1:16:02:e9:a5:bb:df:14:01:d4:
24:5a:0a:c9:83:40:a5:64:d0:69:d1:e7:c6:c1:0b:
75:ad:99:3c:1b:27:39:78:09:ac:68:fb:2d:ef:3c:
1b:ab:92:aa:95:1f:6d:9a:da:b3:ea:82:aa:e4:55:
f3:1e:97:cb:05:6b:fc:27:69:66:ca:99:8f:5d:df:
b0:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:26:B1:DE:1B:55:D1:0D:11:B1:8E:05:64:D4:5B:CA:D9:63:1F:D3
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Aiax3htV0Q0RsY4FZNRbytljH9M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
81.168.116.0/24
81.168.119.0/24
81.168.123.0/24
82.152.111.0/24
82.152.252.0/23
82.152.255.0/24
82.153.1.0/24
82.153.73.0/24
82.153.78.0/24
82.153.136.0-82.153.140.255
82.153.223.0/24
82.153.227.0/24
82.153.240.0/24
82.153.249.0/24
89.213.41.0/24
89.213.44.0/24
89.213.136.0/24
89.213.139.0-89.213.140.255
89.213.150.0/24
89.213.152.0/24
89.213.155.0/24
89.213.160.0/24
89.213.163.0/24
89.213.168.0/24
89.213.173.0/24
89.213.176.0/24
89.213.180.0/24
89.213.182.0/24
89.213.184.0/22
109.176.210.0/23
109.176.213.0/24
109.176.240.0/22
109.176.247.0/24
109.176.250.0/24
185.49.125.0-185.49.127.255
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
a7:2d:0a:fa:48:b8:fc:7f:07:a8:6d:9e:d7:63:9d:66:8f:56:
cf:68:c8:56:55:3a:7d:8c:95:d7:28:51:c7:a3:9a:21:fd:e2:
be:31:57:6f:be:70:6d:64:8e:42:c9:d3:ea:34:d5:2b:9d:88:
d3:7c:b7:a8:07:15:ec:72:65:a5:95:35:f1:75:88:0e:c6:fc:
d9:aa:2d:1f:4b:87:f5:8a:ec:48:a5:05:a6:80:1e:00:ce:3b:
ea:ae:16:60:a1:1c:88:41:71:2c:8a:38:d7:86:fa:12:72:21:
13:20:b8:6c:49:69:0d:ab:21:ef:84:64:ad:3a:6b:68:9b:79:
a1:1c:3b:8e:c7:51:da:46:b9:aa:6a:6c:d6:bc:09:00:08:bc:
cb:ba:bc:e1:6b:4b:74:7a:dd:cd:90:fa:ab:10:4e:1f:9b:41:
6a:09:00:cc:5c:d2:c6:92:4f:da:0d:55:d0:13:d4:d9:18:3e:
80:ba:72:3b:37:05:aa:e5:ce:c3:6e:6e:b4:76:1c:c6:dd:cf:
15:ef:d7:b2:3c:b8:a2:86:87:4f:f6:e7:80:b7:57:18:fc:ff:
90:bc:a7:df:90:38:3d:90:b1:b5:28:41:a3:b2:1a:36:c0:07:
57:5c:2e:ea:8d:a2:37:56:5f:c3:5c:d5:31:b6:f0:bf:7b:8a:
82:ce:1d:c9
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAYnO2zGkl8NAwn2gx56e9D/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA3MDcxNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI2YjFkZTFiNTVkMTBkMTFiMThlMDU2NGQ0NWJjYWQ5NjMxZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHLCaGl57gjC50RpaoQ+o5mi5YLh
lZkwFXq7YI7GKhqj/poZXFzFDx7PyQAPLsZz6FjolwXF/3OJ2P22teCQqWqZdr+4
IxkWLvqBfPwnfTODUxtDb3lqTgL6kwCCudpF6IGM+JHOk8TGg19wj3Ne/iE0nscE
4016Tum74UL0blQ72oU3D4XCTl2GU4us/v2BPRKvRfmRLHKfgwspgNyd/9/vmM4T
tzb3QtdA4yjIqIV86HQC/u/r7uEWAumlu98UAdQkWgrJg0ClZNBp0efGwQt1rZk8
Gyc5eAmsaPst7zwbq5KqlR9tmtqz6oKq5FXzHpfLBWv8J2lmypmPXd+wTwIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFAImsd4bVdENEbGOBWTUW8rZYx/TMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQWlheDNodFYwUTBSc1k0RlpOUmJ5dGxqSDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCCAQMEAgABMIH8
AwQAUQWcAwQAUagpAwQAUah0AwQAUah3AwQAUah7AwQAUphvAwQBUpj8AwQAUpj/
AwQAUpkBAwQAUplJAwQAUplOMAwDBANSmYgDBABSmYwDBABSmd8DBABSmeMDBABS
mfADBABSmfkDBABZ1SkDBABZ1SwDBABZ1YgwDAMEAFnViwMEAFnVjAMEAFnVlgME
AFnVmAMEAFnVmwMEAFnVoAMEAFnVowMEAFnVqAMEAFnVrQMEAFnVsAMEAFnVtAME
AFnVtgMEAlnVuAMEAW2w0gMEAG2w1QMEAm2w8AMEAG2w9wMEAG2w+jAMAwQAuTF9
AwQHuTEAAwQA1ZgqMA0GCSqGSIb3DQEBCwUAA4IBAQCnLQr6SLj8fweobZ7XY51m
j1bPaMhWVTp9jJXXKFHHo5oh/eK+MVdvvnBtZI5CydPqNNUrnYjTfLeoBxXscmWl
lTXxdYgOxvzZqi0fS4f1iuxIpQWmgB4AzjvqrhZgoRyIQXEsijjXhvoSciETILhs
SWkNqyHvhGStOmtom3mhHDuOx1HaRrmqamzWvAkACLzLurzha0t0et3NkPqrEE4f
m0FqCQDMXNLGkk/aDVXQE9TZGD6AunI7NwWq5c7Dbm60dhzG3c8V79eyPLiihodP
9ueAt1cY/P+QvKffkDg9kLG1KEGjsho2wAdXXC7qjaI3Vl/DXNUxtvC/e4qCzh3J
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:28:18 2025 by rpki-client